From doublef@tele-kom.ru  Wed Jun  4 06:47:41 2003
Return-Path: <doublef@tele-kom.ru>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7436A37B401
	for <freebsd-gnats-submit@freebsd.org>; Wed,  4 Jun 2003 06:47:41 -0700 (PDT)
Received: from mx.tele-kom.ru (mx.tele-kom.ru [213.80.148.6])
	by mx1.FreeBSD.org (Postfix) with SMTP id 84CC643F75
	for <freebsd-gnats-submit@freebsd.org>; Wed,  4 Jun 2003 06:47:39 -0700 (PDT)
	(envelope-from doublef@tele-kom.ru)
Received: (qmail 41684 invoked by uid 555); 4 Jun 2003 17:47:37 +0400
Received: from  (213.80.149.131)
	by t-k.ru with TeleMail/2 id 1054734456-41661
	for doublef@tele-kom.ru; Wed, Jun  4 17:47:36 2003 +0400 (MSD)
Message-Id: <20030604134737.41681.qmail@mx.tele-kom.ru>
Date: Wed, 4 Jun 2003 17:09:18 +0400 (MSD)
From: DoubleF <doublef@tele-kom.ru>
Reply-To: DoubleF <doublef@tele-kom.ru>
To: FreeBSD-gnats-submit@freebsd.org
Subject: Huge writes to nfs exported FAT filesystems cause server reboots	
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         52936
>Category:       kern
>Synopsis:       [nfs] Huge writes to nfs exported FAT filesystems cause server reboots
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jun 04 06:50:11 PDT 2003
>Closed-Date:    Fri Nov 16 07:14:47 UTC 2007
>Last-Modified:  Fri Nov 16 07:14:47 UTC 2007
>Originator:     DoubleF
>Release:        FreeBSD 4.8-RELEASE i386
>Organization:
Volgograd state technical university	
>Environment:
System: FreeBSD Shark.localdomain 4.8-RELEASE FreeBSD 4.8-RELEASE #8: Fri May 9 11:42:57 MSD 2003 df@Hal.localdomain:/usr/obj/usr/src/sys/SHARK i386

	Reproduced on 2 machines, both 4.8-RELEASE with FAT and NFS support
compiled into kernel:
	Shark: P54C-150, 32M RAM, 2G HDD (FAT is FAT16)
	Hal: AMD Duron-1300, 128M RAM, 80G HDD (FAT is FAT32)
	Reproduced on the same machines with the GENERIC kernel

>Description:
	During a large (client) write to the exported filesystem the kernel
page faults as follows:
-------------------------
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x1
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc015d36f
stack pointer           = 0x10:0xccf70d80
frame pointer           = 0x10:0xccf70d9c
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 102 (nfsd)
interrupt mask          = net tty bio cam
trap number             = 12
panic: page fault
syncing disks... panic: lockmgr: non-zero exclusive count
Uptime: 3m0s
-------------------------
	The backtrace shows:
-------------------------
#0  0xc0161c9a in dumpsys ()
#1  0xc0161a6b in boot ()
#2  0xc0161e90 in poweroff_wait ()
#3  0xc015c3c9 in lockmgr ()
#4  0xc018c934 in vop_stdlock ()
#5  0xc0217f65 in ufs_vnoperate ()
#6  0xc0196a89 in vn_lock ()
#7  0xc018f85b in vget ()
#8  0xc021016f in ffs_sync ()
#9  0xc0191887 in sync ()
#10 0xc0161806 in boot ()
#11 0xc0161e90 in poweroff_wait ()
#12 0xc028500a in trap_fatal ()
#13 0xc0284cdd in trap_pfault ()
#14 0xc02848c7 in trap ()
#15 0xc015d36f in malloc ()
#16 0xc01dd6aa in nfsrv_dorec ()
#17 0xc01e1bd0 in nfssvc_nfsd ()
#18 0xc01e1863 in nfssvc ()
#19 0xc028522e in syscall2 ()
#20 0xc0278da5 in Xint0x80_syscall ()
#21 0x0804813e in ?? ()
-------------------------
	This does not happen when data is copied otherwise (e.g.
through netcat).
>How-To-Repeat:
	On the server:
	The FAT filesystem is mounted read-write to, say, /DOS.
	The /etc/exports file contains the line
	/DOS	<client-name>
	On the client:
	# mount_nfs <server-name>:/DOS /mnt
	# cd /mnt
	# cat /dev/zero >aLargeFile
>Fix:
	None at the moment except for not exporting FAT filesystems by
	NFS.

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: kmacy 
State-Changed-When: Fri Nov 16 07:10:50 UTC 2007 
State-Changed-Why:  

A lot has changed since 4.8. Is this still an issue with RELENG_6? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=52936 
State-Changed-From-To: feedback->closed 
State-Changed-By: kmacy 
State-Changed-When: Fri Nov 16 07:14:17 UTC 2007 
State-Changed-Why:  

Submitter mail bounced. I have not heard of this issue with RELENG_6. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=52936 
>Unformatted:
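The workaround given under >Fix: (not exporting FAT filesystems by NFS) can be audited mechanically. The following is an added example, not part of the original PR: it takes the text of `mount` output and of `/etc/exports` and lists every exported directory that sits on a FAT mount. The sample inputs are constructed and the function names are hypothetical.

```python
import re

FAT_TYPES = {"msdos", "msdosfs"}  # "msdos" on 4.x, "msdosfs" on later releases

# Constructed sample inputs (not taken from the PR's machines).
SAMPLE_MOUNT = """\
/dev/ad0s2a on / (ufs, local)
/dev/ad0s2f on /usr (ufs, local, soft-updates)
/dev/ad0s1 on /DOS (msdos, NFS exported, local)
"""
SAMPLE_EXPORTS = """\
# constructed example
/DOS\tclient1
/usr /usr/local -maproot=0:10 client2
/DOS/pub -ro \\
\tclient3
"""

def parse_mounts(mount_output):
    """Map mount point -> fs type from lines like 'dev on /mnt (type, opts)'."""
    mounts = {}
    for line in mount_output.splitlines():
        m = re.match(r"(\S+) on (\S+) \(([^,)]+)", line)
        if m:
            mounts[m.group(2)] = m.group(3).strip()
    return mounts

def parse_exports(exports_text):
    """Exported directories: the leading '/'-prefixed fields of each entry."""
    dirs = []
    for line in exports_text.replace("\\\n", " ").splitlines():  # join continuations
        for field in line.split("#", 1)[0].split():
            if not field.startswith("/"):
                break  # first option or host ends the directory list
            dirs.append(field)
    return dirs

def owning_mount(path, mounts):
    """Longest mount point that is a whole-component prefix of path."""
    hits = [mp for mp in mounts
            if mp == "/" or path == mp or path.startswith(mp.rstrip("/") + "/")]
    return max(hits, key=len) if hits else None

def fat_exports(mount_output, exports_text):
    """Return (directory, mount point, fs type) for each export on a FAT mount."""
    mounts = parse_mounts(mount_output)
    owned = [(d, owning_mount(d, mounts)) for d in parse_exports(exports_text)]
    return [(d, mp, mounts[mp]) for d, mp in owned if mp and mounts[mp] in FAT_TYPES]

if __name__ == "__main__":
    for d, mp, fstype in fat_exports(SAMPLE_MOUNT, SAMPLE_EXPORTS):
        print(f"{d}: exported from {mp} ({fstype})")
```

Paths are compared textually, so an export that reaches a FAT filesystem through a symlink is not detected.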
